Kenexa Lcms Premier

kenexa_lcms_premier

Vendor: Ibm • 11 CVEs

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-1143 1Ibm 1Kenexa Lcms Premier May 13, 2026 Mar 27, 2017 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnera...Show more IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Reference #: 1998874.Show less
CVE-2017-1142 1Ibm 1Kenexa Lcms Premier May 13, 2026 Mar 27, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmissi...Show more IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874.Show less
CVE-2016-9994 1Ibm 1Kenexa Lcms Premier May 13, 2026 Mar 1, 2017 N/A· v4 7.1 HIGH· v3 6.5 MEDIUM· v2 IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in...Show more IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805.Show less
CVE-2016-9993 1Ibm 1Kenexa Lcms Premier May 13, 2026 Mar 1, 2017 N/A· v4 7.1 HIGH· v3 6.5 MEDIUM· v2 IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in...Show more IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.Show less
CVE-2016-9992 1Ibm 1Kenexa Lcms Premier May 13, 2026 Mar 1, 2017 N/A· v4 7.1 HIGH· v3 6.5 MEDIUM· v2 IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in...Show more IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.Show less
CVE-2016-5952 1Ibm 1Kenexa Lcms Premier May 13, 2026 Feb 1, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end da...Show more IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.Show less
CVE-2016-5951 1Ibm 1Kenexa Lcms Premier May 13, 2026 Feb 1, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...Show more IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2016-5950 1Ibm 1Kenexa Lcms Premier May 13, 2026 Feb 1, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.
CVE-2016-5949 1Ibm 1Kenexa Lcms Premier May 13, 2026 Feb 1, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request.
CVE-2016-5948 1Ibm 1Kenexa Lcms Premier May 13, 2026 Feb 1, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...Show more IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2016-5937 1Ibm 1Kenexa Lcms Premier May 13, 2026 Feb 1, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.